helm-external-secrets/.github/workflows/ci.yml

name: CI

on:
  push:
    branches:
      - main
      - release-*
  pull_request: {}
  workflow_dispatch: {}

env:
  # Common versions
  GO_VERSION: '1.16'
  GOLANGCI_VERSION: 'v1.42.1'
  # list of available versions: https://storage.googleapis.com/kubebuilder-tools
  # TODO: 1.21.2 does not shut down properly with controller-runtime 0.9.2
  KUBEBUILDER_TOOLS_VERSION: '1.20.2'
  DOCKER_BUILDX_VERSION: 'v0.4.2'

  # Common users. We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run
  # a step 'if env.GHCR_USERNAME' != ""', so we copy these to succinctly test whether
  # credentials have been provided before trying to run steps that need them.
  GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
  
  # Sonar
  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

jobs:
  detect-noop:
    runs-on: ubuntu-18.04
    outputs:
      noop: ${{ steps.noop.outputs.should_skip }}
    steps:
      - name: Detect No-op Changes
        id: noop
        uses: fkirc/skip-duplicate-actions@v3.4.1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          paths_ignore: '["**.md", "**.png", "**.jpg"]'
          do_not_skip: '["workflow_dispatch", "schedule", "push"]'
          concurrent_skipping: false

  lint:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Cache
        id: go
        run: |
          echo "::set-output name=build-cache::$(go env GOCACHE)"
          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"

      - name: Cache the Go Build Cache
        uses: actions/cache@v2.1.6
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-lint-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-lint-

      - name: Cache Go Dependencies
        uses: actions/cache@v2.1.6
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      # This action uses its own setup-go, which always seems to use the latest
      # stable version of Go. We could run 'make lint' to ensure our desired Go
      # version, but we prefer this action because it leaves 'annotations' (i.e.
      # it comments on PRs to point out linter violations).
      - name: Lint
        uses: golangci/golangci-lint-action@v2
        with:
          version: ${{ env.GOLANGCI_VERSION }}
          skip-pkg-cache: true
          skip-build-cache: true
          skip-go-installation: true

  check-diff:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Cache
        id: go
        run: |
          echo "::set-output name=build-cache::$(go env GOCACHE)"
          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"

      - name: Cache the Go Build Cache
        uses: actions/cache@v2.1.6
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-check-diff-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-check-diff-

      - name: Cache Go Dependencies
        uses: actions/cache@v2.1.6
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      # Check DIff also runs Reviewable which needs golangci-lint installed
      - name: Check Diff
        run: |
          wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.42.1
          export PATH=$PATH:./bin
          make check-diff

  unit-tests:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Cache
        id: go
        run: |
          echo "::set-output name=build-cache::$(go env GOCACHE)"
          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"

      - name: Cache the Go Build Cache
        uses: actions/cache@v2.1.6
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-unit-tests-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-unit-tests-

      - name: Cache Go Dependencies
        uses: actions/cache@v2.1.6
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Add envtest binaries
        run:  |
          curl -sSLo envtest-bins.tar.gz "https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-${{env.KUBEBUILDER_TOOLS_VERSION}}-linux-amd64.tar.gz"
          sudo mkdir -p /usr/local/kubebuilder
          sudo tar -C /usr/local/kubebuilder --strip-components=1 -zvxf envtest-bins.tar.gz

      - name: Cache envtest binaries
        uses: actions/cache@v2.1.6
        with:
          path: /usr/local/kubebuilder
          key: ${{ runner.os }}-kubebuilder-${{env.KUBEBUILDER_TOOLS_VERSION}}
          restore-keys: ${{ runner.os }}-kubebuilder-

      - name: Run Unit Tests
        run: |
          export KUBEBUILDER_ATTACH_CONTROL_PLANE_OUTPUT=true
          make test


  publish-artifacts:
    runs-on: ubuntu-18.04
    needs: detect-noop
    if: needs.detect-noop.outputs.noop != 'true'

    steps:
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v1
        with:
          platforms: all

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v1
        with:
          version: ${{ env.DOCKER_BUILDX_VERSION }}
          install: true

      - name: Checkout
        uses: actions/checkout@v2

      - name: Fetch History
        run: git fetch --prune --unshallow

      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Find the Go Cache
        id: go
        run: |
          echo "::set-output name=build-cache::$(go env GOCACHE)"
          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"

      - name: Cache the Go Build Cache
        uses: actions/cache@v2.1.6
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-publish-artifacts-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-build-publish-artifacts-

      - name: Cache Go Dependencies
        uses: actions/cache@v2.1.6
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-pkg-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-pkg-

      - name: Login to Docker
        uses: docker/login-action@v1
        if: env.GHCR_USERNAME != ''
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}

      - name: Build & Publish Artifacts
        if: env.GHCR_USERNAME != ''
        env:
          BUILD_ARGS: "--push --platform linux/amd64,linux/arm64"
        run: make docker.build

      - name: Promote Artifacts to main release channel
        if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
        run: make docker.promote
        env:
          RELEASE_TAG: main